GPS more vulnerable than previously thought

(LiveHacking.Com) – The Global Positioning System (GPS) has grown from its simple beginnings to a ubiquitous and trusted source for positioning, navigation, and timing data. GPS chips are built into everything from Sat Nav systems to mobile phones and from vehicle tracking systems to digital cameras. It has always been possible to jam and spoof GPS signals, since they are just radio transmissions from the orbiting satellites, but now new research has been published which shows that when treated as a complete computer system, GPS is more vulnerable than previously thought.

The research paper, which has been published by Carnegie Mellon University and Coherent Navigation, shows that a 45 second GPS message can disable over 30% of the Continually Operating Reference Station (CORS) network. CORS, which is used for many safety and life-critical applications, provides Global Navigation Satellite System (GNSS) data which is used by surveyors, GIS users, engineers, scientists to improve the precision of their positions.

The new, larger attack surface for GPS now includes the following three areas:

GPS Data Level Attacks – Producing good, bad, and wrong data at higher-levels such as the navigation message in real time with the valid GPS signal. These data-level attacks can cause more damage than simple spooﬁng including the ability to remotely crash a high-end professional receiver.

GPS Receiver Software Attacks – The GPS software stack in a receiver can be compromised, in some cases remotely.The danger is that if the GPS receivers is treated as a device, rather than a computer system, the vulnerabilities could remain unpatched.

GPS Dependent System Attacks – Most systems which use GPS data implicitly trust the data. Since there is no validation of the data it is possible to affect system which depend on GPS data but are’t themselves GPS receivers. The researchers have shown that it is possible to permanently de-synchronize the date of Phasor Measurement Units (PMUs) used in the smart grid.

To carry out the “attacks” the researchers designed a GPS phase-coherent signal synthesizer (PCSS). Like a hybrid receiver and satellite in a box, the PCSS has an input antenna that receives live GPS signals, and outputs malicious signals. It also allows full programmatic control over the GPS signals in real time. The total hardware cost of the PCSS is about the same as a high-end laptop – around $2,500.

“Until GPS is secured, life and safety-critical applications that depend upon it are likely vulnerable to attack,” wrote the paper’s authors.

These new attacks highlight the possibility of causing serious damage using only a few thousand dollars worth of hardware. As a result the researchers are recommending the use of an Electronic GPS Attack Detection Systems (EGADS). An EGADS is similar in spirit to a network or host IDS system, but designed to detect GPS attacks.